VYPR

Xfilesharing

by Sibsoft

CVEs (2)

  • CVE-2019-18952CriNov 13, 2019
    risk 0.67cvss 9.8epss 0.45

    SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP.

  • CVE-2019-18951HigNov 13, 2019
    risk 0.53cvss 7.5epss 0.20

    SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.